acme-client 2.0.2 → 2.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 05f87acfd3874c1d642f80201ef97d81abee4c36e97f194227f0a4cf3501f981
-  data.tar.gz: 688ad48aca9ef6350f0350a8ed719f8efea00c611995124c56c1221160219152
+  metadata.gz: 718dac85c8139621711a030272097498d04414ca52c9d84544b8bac32179e8a1
+  data.tar.gz: 9e929450733261f291a62b96f5056ed89e8c235cae010805ddccfc3efb17188c
 SHA512:
-  metadata.gz: e23b7f8b4116da8dd7bc9834ef4fb441bb90f2f3a54fae653bed0a3ea56d6d0a7b98642df443dd08834ffdd46b3f5b86b995d3b4eb4253f6f43511babe010592
-  data.tar.gz: 706a2d72509b69a754c0a40d676652bde2f2ed284abdbed26982991c65ac42beb74586fddf2f790144de839f7ef570cae31617a882574459093a5ab157dc65a4
+  metadata.gz: f6e77c41a67b3f2fe9d6e373d58e928bfc0ee2523ac7b0ce2beb93167179a0950045cbb0ec4f5d8616527108814001acd0da7909a8bb0df8dac9b6ddde8bfbba
+  data.tar.gz: 9eba181b543cfe437e2043970b2e74cd691944457d43d3c3ea052cf10d3134e59b51aa8ee3522c36f27b25c212797e44e0e29b86f96b13361e98ca07d054ccac

data/.gitignore

@@ -9,3 +9,4 @@
 /tmp/
 /vendor/bundle
 /.idea/
+.tool-versions

data/.rubocop.yml

@@ -7,133 +7,128 @@ AllCops:
 Rails:
   Enabled: false
 
-Style/FileName:
-  Exclude:
-    - 'lib/acme-client.rb'
+Layout/AlignParameters:
+  EnforcedStyle: with_fixed_indentation
 
-Lint/AssignmentInCondition:
+Layout/ElseAlignment:
   Enabled: false
 
-Style/ClassAndModuleChildren:
-  Enabled: false
+Layout/FirstParameterIndentation:
+  EnforcedStyle: consistent
 
-Style/Documentation:
+Layout/IndentationWidth:
   Enabled: false
 
 Layout/MultilineOperationIndentation:
   Enabled: false
 
-Style/SignalException:
-  EnforcedStyle: only_raise
-
-Layout/AlignParameters:
-  EnforcedStyle: with_fixed_indentation
-
-Layout/ElseAlignment:
+Layout/SpaceInsideBlockBraces:
   Enabled: false
 
-Style/MultipleComparison:
+Lint/AmbiguousOperator:
   Enabled: false
 
-Layout/IndentationWidth:
+Lint/AssignmentInCondition:
   Enabled: false
 
-Style/SymbolArray:
+Lint/EndAlignment:
   Enabled: false
 
-Layout/FirstParameterIndentation:
-  EnforcedStyle: consistent
-
-Style/TrailingCommaInArguments:
-  Enabled: false
+Lint/UnusedMethodArgument:
+  AllowUnusedKeywordArguments: true
 
-Style/PercentLiteralDelimiters:
+Metrics/AbcSize:
   Enabled: false
 
 Metrics/BlockLength:
   Enabled: false
 
-Layout/SpaceInsideBlockBraces:
+Metrics/ClassLength:
   Enabled: false
 
-Style/StringLiterals:
-  Enabled: single_quotes
+Metrics/CyclomaticComplexity:
+  Enabled: false
 
 Metrics/LineLength:
   Max: 140
 
+Metrics/MethodLength:
+  Max: 15
+  Enabled: false
+
 Metrics/ParameterLists:
   Max: 5
   CountKeywordArgs: false
 
-Lint/EndAlignment:
+Metrics/PerceivedComplexity:
   Enabled: false
 
-Style/ParallelAssignment:
+Security/JSONLoad:
   Enabled: false
 
-Style/ModuleFunction:
+Style/AccessorMethodName:
   Enabled: false
 
-Style/TrivialAccessors:
-  AllowPredicates: true
-
-Lint/UnusedMethodArgument:
-  AllowUnusedKeywordArguments: true
+Style/Alias:
+  Enabled: false
 
-Metrics/MethodLength:
-  Max: 15
+Style/BlockDelimiters:
+  EnforcedStyle: semantic
 
-Style/DoubleNegation:
+Style/ClassAndModuleChildren:
   Enabled: false
 
-Style/IfUnlessModifier:
+Style/Documentation:
   Enabled: false
 
-Style/MultilineBlockChain:
+Style/DoubleNegation:
   Enabled: false
 
-Style/BlockDelimiters:
-  EnforcedStyle: semantic
+Style/FileName:
+  Exclude:
+    - 'lib/acme-client.rb'
 
-Style/Lambda:
+Style/GlobalVars:
   Enabled: false
 
 Style/GuardClause:
   Enabled: false
 
-Style/Alias:
+Style/IfUnlessModifier:
   Enabled: false
 
-Lint/AmbiguousOperator:
+Style/Lambda:
   Enabled: false
 
-Metrics/MethodLength:
+Style/ModuleFunction:
   Enabled: false
 
-Metrics/PerceivedComplexity:
+Style/MultilineBlockChain:
   Enabled: false
 
-Metrics/CyclomaticComplexity:
+Style/MultipleComparison:
   Enabled: false
 
-Metrics/AbcSize:
+Style/MutableConstant:
   Enabled: false
 
-Metrics/ClassLength:
+Style/ParallelAssignment:
   Enabled: false
 
-Style/MutableConstant:
+Style/PercentLiteralDelimiters:
   Enabled: false
 
-Style/GlobalVars:
-  Enabled: false
+Style/SignalException:
+  EnforcedStyle: only_raise
 
-Style/ExpandPathArguments:
+Style/SymbolArray:
   Enabled: false
 
-Security/JSONLoad:
-  Enabled: false
+Style/StringLiterals:
+  Enabled: single_quotes
 
-Style/AccessorMethodName:
+Style/TrailingCommaInArguments:
   Enabled: false
+
+Style/TrivialAccessors:
+  AllowPredicates: true

data/.travis.yml

@@ -1,7 +1,10 @@
 language: ruby
 cache: bundler
 rvm:
-  - 2.1
-  - 2.2
-  - 2.3.3
-  - 2.4.0
+  - 2.5
+  - 2.6
+  - 2.7
+
+before_install:
+  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
+  - gem install bundler -v '< 2'

data/CHANGELOG.md

@@ -1,10 +1,31 @@
+## `2.0.7`
+
+* Add support for alternate certificate chain
+* Change `Link` headers parsing to return array of value. This add support multiple entries at the same `rel`
+
+## `2.0.6`
+
+* Allow Faraday up to `< 2.0`
+
+## `2.0.5`
+
+* Use post-as-get
+* Remove deprecated keyAuthorization
+
+## `2.0.4`
+
+* Add an option to retry bad nonce errors
+
+## `2.0.3`
+
+* Do not try to set the body on GET request
+
 ## `2.0.2`
 
 * Fix constant lookup on InvalidDirectory
 * Forward connection options when fetching nonce
 * Fix splats without parenthesis warning
 
-
 ## `2.0.1`
 
 * Properly require URI

data/Gemfile

@@ -1,4 +1,5 @@
 source 'https://rubygems.org'
+
 gemspec
 
 group :development, :test do

data/README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://travis-ci.org/unixcharles/acme-client.svg?branch=master)](https://travis-ci.org/unixcharles/acme-client)
 
-`acme-client` is a client implementation of the [ACMEv2](https://github.com/ietf-wg-acme/acme) protocol in Ruby.
+`acme-client` is a client implementation of the ACMEv2 / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
 
 You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/certbot/certbot) in Python.
 
@@ -182,7 +182,10 @@ Certificate generation happens asynchronously. You may need to poll.
 ```ruby
 csr = Acme::Client::CertificateRequest.new(private_key: a_different_private_key, subject: { common_name: 'example.com' })
 order.finalize(csr: csr)
-sleep(1) while order.status == 'processing'
+while order.status == 'processing'
+  sleep(1)
+  order.reload
+end
 order.certificate # => PEM-formatted certificate
 ```
 
@@ -198,7 +201,7 @@ client.revoke(certificate: certificate)
 
 ### Certificate renewal
 
-The is no renewal process, just create a new order.
+There is no renewal process, just create a new order.
 
 
 ## Not implemented

data/acme-client.gemspec

@@ -16,11 +16,15 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.1.0'
 
-  spec.add_development_dependency 'bundler', '~> 1.6', '>= 1.6.9'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.3', '>= 3.3.0'
-  spec.add_development_dependency 'vcr', '~> 2.9', '>= 2.9.3'
-  spec.add_development_dependency 'webmock', '~> 1.21', '>= 1.21.0'
+  spec.add_development_dependency 'bundler', '>= 1.17.3'
+  if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2')
+    spec.add_development_dependency 'rake', '>= 12.0'
+  else
+    spec.add_development_dependency 'rake', '~> 13.0'
+  end
+  spec.add_development_dependency 'rspec', '~> 3.9'
+  spec.add_development_dependency 'vcr', '~> 2.9'
+  spec.add_development_dependency 'webmock', '~> 3.8'
 
-  spec.add_runtime_dependency 'faraday', '~> 0.9', '>= 0.9.1'
+  spec.add_runtime_dependency 'faraday', '>= 0.17', '< 2.0.0'
 end

data/bin/release

@@ -13,6 +13,7 @@ def `(command)
   end
 end
 
+`git add CHANGELOG.md`
 `git add lib/acme/client/version.rb`
 `git commit -m "bump to #{version}"`
 `git pull --rebase origin master`

data/lib/acme/client.rb

@@ -20,6 +20,7 @@ require 'acme/client/faraday_middleware'
 require 'acme/client/jwk'
 require 'acme/client/error'
 require 'acme/client/util'
+require 'acme/client/chain_identifier'
 
 class Acme::Client
   DEFAULT_DIRECTORY = 'http://127.0.0.1:4000/directory'.freeze
@@ -29,7 +30,7 @@ class Acme::Client
     pem: 'application/pem-certificate-chain'
   }
 
-  def initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {})
+  def initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}, bad_nonce_retry: 0)
     if jwk.nil? && private_key.nil?
       raise ArgumentError, 'must specify jwk or private_key'
     end
@@ -41,6 +42,7 @@ class Acme::Client
     end
 
     @kid, @connection_options = kid, connection_options
+    @bad_nonce_retry = bad_nonce_retry
     @directory = Acme::Client::Resources::Directory.new(URI(directory), @connection_options)
     @nonces ||= []
   end
@@ -89,7 +91,7 @@ class Acme::Client
       response.headers.fetch(:location)
     end
 
-    response = post(@kid)
+    response = post_as_get(@kid)
     arguments = attributes_from_account_response(response)
     Acme::Client::Resources::Account.new(self, url: @kid, **arguments)
   end
@@ -100,13 +102,7 @@ class Acme::Client
 
   def new_order(identifiers:, not_before: nil, not_after: nil)
     payload = {}
-    payload['identifiers'] = if identifiers.is_a?(Hash)
-      identifiers
-    else
-      Array(identifiers).map do |identifier|
-        { type: 'dns', value: identifier }
-      end
-    end
+    payload['identifiers'] = prepare_order_identifiers(identifiers)
     payload['notBefore'] = not_before if not_before
     payload['notAfter'] = not_after if not_after
 
@@ -116,7 +112,7 @@ class Acme::Client
   end
 
   def order(url:)
-    response = get(url)
+    response = post_as_get(url)
     arguments = attributes_from_order_response(response)
     Acme::Client::Resources::Order.new(self, **arguments.merge(url: url))
   end
@@ -132,13 +128,28 @@ class Acme::Client
     Acme::Client::Resources::Order.new(self, **arguments)
   end
 
-  def certificate(url:)
+  def certificate(url:, force_chain: nil)
     response = download(url, format: :pem)
-    response.body
+    pem = response.body
+
+    return pem if force_chain.nil?
+
+    return pem if ChainIdentifier.new(pem).match_name?(force_chain)
+
+    alternative_urls = Array(response.headers.dig('link', 'alternate'))
+    alternative_urls.each do |alternate_url|
+      response = download(alternate_url, format: :pem)
+      pem = response.body
+      if ChainIdentifier.new(pem).match_name?(force_chain)
+        return pem
+      end
+    end
+
+    raise Acme::Client::Error::ForcedChainNotFound, "Could not find any matching chain for `#{force_chain}`"
   end
 
   def authorization(url:)
-    response = get(url)
+    response = post_as_get(url)
     arguments = attributes_from_authorization_response(response)
     Acme::Client::Resources::Authorization.new(self, url: url, **arguments)
   end
@@ -150,13 +161,13 @@ class Acme::Client
   end
 
   def challenge(url:)
-    response = get(url)
+    response = post_as_get(url)
     arguments = attributes_from_challenge_response(response)
     Acme::Client::Resources::Challenges.new(self, **arguments)
   end
 
-  def request_challenge_validation(url:, key_authorization:)
-    response = post(url, payload: { keyAuthorization: key_authorization })
+  def request_challenge_validation(url:, key_authorization: nil)
+    response = post(url, payload: {})
     arguments = attributes_from_challenge_response(response)
     Acme::Client::Resources::Challenges.new(self, **arguments)
   end
@@ -205,6 +216,20 @@ class Acme::Client
 
   private
 
+  def prepare_order_identifiers(identifiers)
+    if identifiers.is_a?(Hash)
+      [identifiers]
+    else
+      Array(identifiers).map do |identifier|
+        if identifier.is_a?(String)
+          { type: 'dns', value: identifier }
+        else
+          identifier
+        end
+      end
+    end
+  end
+
   def attributes_from_account_response(response)
     extract_attributes(
       response.body,
@@ -251,14 +276,19 @@ class Acme::Client
     connection.post(url, payload)
   end
 
+  def post_as_get(url, mode: :kid)
+    connection = connection_for(url: url, mode: mode)
+    connection.post(url, nil)
+  end
+
   def get(url, mode: :kid)
     connection = connection_for(url: url, mode: mode)
     connection.get(url)
   end
 
   def download(url, format:)
-    connection = connection_for(url: url, mode: :download)
-    connection.get do |request|
+    connection = connection_for(url: url, mode: :kid)
+    connection.post do |request|
       request.url(url)
       request.headers['Accept'] = CONTENT_TYPES.fetch(format)
     end
@@ -280,6 +310,12 @@ class Acme::Client
 
   def new_connection(endpoint:)
     Faraday.new(endpoint, **@connection_options) do |configuration|
+      if @bad_nonce_retry > 0
+        configuration.request(:retry,
+          max: @bad_nonce_retry,
+          methods: Faraday::Connection::METHODS,
+          exceptions: [Acme::Client::Error::BadNonce])
+      end
       yield(configuration) if block_given?
       configuration.adapter Faraday.default_adapter
     end

data/lib/acme/client/chain_identifier.rb

@@ -0,0 +1,27 @@
+class Acme::Client
+  class ChainIdentifier
+    def initialize(pem_certificate_chain)
+      @pem_certificate_chain = pem_certificate_chain
+    end
+
+    def match_name?(name)
+      issuers.any? do |issuer|
+        issuer.include?(name)
+      end
+    end
+
+    private
+
+    def issuers
+      x509_certificates.map(&:issuer).map(&:to_s)
+    end
+
+    def x509_certificates
+      @x509_certificates ||= splitted_pem_certificates.map { |pem| OpenSSL::X509::Certificate.new(pem) }
+    end
+
+    def splitted_pem_certificates
+      @pem_certificate_chain.each_line.slice_after(/END CERTIFICATE/).map(&:join)
+    end
+  end
+end

data/lib/acme/client/error.rb

@@ -7,6 +7,7 @@ class Acme::Client::Error < StandardError
   class UnsupportedChallengeType < ClientError; end
   class NotFound < ClientError; end
   class CertificateNotReady < ClientError; end
+  class ForcedChainNotFound < ClientError; end
 
   class ServerError < Acme::Client::Error; end
   class BadCSR < ServerError; end

data/lib/acme/client/faraday_middleware.rb

@@ -16,7 +16,10 @@ class Acme::Client::FaradayMiddleware < Faraday::Middleware
     @env[:request_headers]['User-Agent'] = Acme::Client::USER_AGENT
     @env[:request_headers]['Content-Type'] = CONTENT_TYPE
 
-    @env.body = client.jwk.jws(header: jws_header, payload: env.body)
+    if @env.method != :get
+      @env.body = client.jwk.jws(header: jws_header, payload: env.body)
+    end
+
     @app.call(env).on_complete { |response_env| on_complete(response_env) }
   rescue Faraday::TimeoutError, Faraday::ConnectionFailed
     raise Acme::Client::Error::Timeout
@@ -79,18 +82,10 @@ class Acme::Client::FaradayMiddleware < Faraday::Middleware
     end
   end
 
-  LINK_MATCH = /<(.*?)>;rel="([\w-]+)"/
-
   def decode_link_headers
     return unless env.response_headers.key?('Link')
     link_header = env.response_headers['Link']
-
-    links = link_header.split(', ').map { |entry|
-      _, link, name = *entry.match(LINK_MATCH)
-      [name, link]
-    }
-
-    Hash[*links.flatten]
+    Acme::Client::Util.decode_link_headers(link_header)
   end
 
   def store_nonce

data/lib/acme/client/jwk/base.rb

@@ -14,10 +14,10 @@ class Acme::Client::JWK::Base
   # payload - A Hash of payload data.
   #
   # Returns a JSON String.
-  def jws(header: {}, payload: {})
+  def jws(header: {}, payload:)
     header = jws_header(header)
     encoded_header = Acme::Client::Util.urlsafe_base64(header.to_json)
-    encoded_payload = Acme::Client::Util.urlsafe_base64(payload.to_json)
+    encoded_payload = Acme::Client::Util.urlsafe_base64(payload.nil? ? '' : payload.to_json)
 
     signature_data = "#{encoded_header}.#{encoded_payload}"
     signature = sign(signature_data)

data/lib/acme/client/resources/account.rb

@@ -5,7 +5,7 @@ class Acme::Client::Resources::Account
 
   def initialize(client, **arguments)
     @client = client
-    assign_attributes(arguments)
+    assign_attributes(**arguments)
   end
 
   def kid

data/lib/acme/client/resources/authorization.rb

@@ -5,7 +5,7 @@ class Acme::Client::Resources::Authorization
 
   def initialize(client, **arguments)
     @client = client
-    assign_attributes(arguments)
+    assign_attributes(**arguments)
   end
 
   def deactivate

data/lib/acme/client/resources/challenges.rb

@@ -4,6 +4,7 @@ module Acme::Client::Resources::Challenges
   require 'acme/client/resources/challenges/base'
   require 'acme/client/resources/challenges/http01'
   require 'acme/client/resources/challenges/dns01'
+  require 'acme/client/resources/challenges/unsupported_challenge'
 
   CHALLENGE_TYPES = {
     'http-01' => Acme::Client::Resources::Challenges::HTTP01,
@@ -11,11 +12,6 @@ module Acme::Client::Resources::Challenges
   }
 
   def self.new(client, type:, **arguments)
-    klass = CHALLENGE_TYPES[type]
-    if klass
-      klass.new(client, **arguments)
-    else
-      { type: type }.merge(arguments)
-    end
+    CHALLENGE_TYPES.fetch(type, Unsupported).new(client, **arguments)
   end
 end

data/lib/acme/client/resources/challenges/base.rb

@@ -5,7 +5,7 @@ class Acme::Client::Resources::Challenges::Base
 
   def initialize(client, **arguments)
     @client = client
-    assign_attributes(arguments)
+    assign_attributes(**arguments)
   end
 
   def challenge_type
@@ -21,17 +21,9 @@ class Acme::Client::Resources::Challenges::Base
     true
   end
 
-  def send_challenge_vallidation(url:, key_authorization:)
-    @client.request_challenge_validation(
-      url: url,
-      key_authorization: key_authorization
-    ).to_h
-  end
-
   def request_validation
-    assign_attributes(**send_challenge_vallidation(
-      url: url,
-      key_authorization: key_authorization
+    assign_attributes(**send_challenge_validation(
+      url: url
     ))
     true
   end
@@ -42,6 +34,12 @@ class Acme::Client::Resources::Challenges::Base
 
   private
 
+  def send_challenge_validation(url:)
+    @client.request_challenge_validation(
+      url: url
+    ).to_h
+  end
+
   def assign_attributes(status:, url:, token:, error: nil)
     @status = status
     @url = url

data/lib/acme/client/resources/challenges/unsupported_challenge.rb

@@ -0,0 +1,2 @@
+class Acme::Client::Resources::Challenges::Unsupported < Acme::Client::Resources::Challenges::Base
+end

data/lib/acme/client/resources/order.rb

@@ -5,7 +5,7 @@ class Acme::Client::Resources::Order
 
   def initialize(client, **arguments)
     @client = client
-    assign_attributes(arguments)
+    assign_attributes(**arguments)
   end
 
   def reload
@@ -24,9 +24,9 @@ class Acme::Client::Resources::Order
     true
   end
 
-  def certificate
+  def certificate(force_chain: nil)
     if certificate_url
-      @client.certificate(url: certificate_url)
+      @client.certificate(url: certificate_url, force_chain: force_chain)
     else
       raise Acme::Client::Error::CertificateNotReady, 'No certificate_url to collect the order'
     end

data/lib/acme/client/util.rb

@@ -3,6 +3,17 @@ module Acme::Client::Util
     Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '')
   end
 
+  LINK_MATCH = /<(.*?)>\s?;\s?rel="([\w-]+)"/
+
+  # See RFC 8288 - https://tools.ietf.org/html/rfc8288#section-3
+  def decode_link_headers(link_header)
+    link_header.split(',').each_with_object({}) { |entry, hash|
+      _, link, name = *entry.match(LINK_MATCH)
+      hash[name] ||= []
+      hash[name].push(link)
+    }
+  end
+
   # Sets public key on CSR or cert.
   #
   # obj  - An OpenSSL::X509::Certificate or OpenSSL::X509::Request instance.

data/lib/acme/client/version.rb

@@ -2,6 +2,6 @@
 
 module Acme
   class Client
-    VERSION = '2.0.2'.freeze
+    VERSION = '2.0.7'.freeze
   end
 end

metadata

@@ -1,69 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.7
 platform: ruby
 authors:
 - Charles Barbier
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-19 00:00:00.000000000 Z
+date: 2020-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.6'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.9
+        version: 1.17.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.6'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.9
+        version: 1.17.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.3.0
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.3'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.3.0
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.3'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -71,9 +59,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.9'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.9.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -81,49 +66,40 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.9'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.9.3
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.21.0
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '3.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.21.0
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '3.8'
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.1
+        version: '0.17'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.1
+        version: '0.17'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
 description: 
 email:
 - unixcharles@gmail.com
@@ -148,6 +124,7 @@ files:
 - lib/acme/client.rb
 - lib/acme/client/certificate_request.rb
 - lib/acme/client/certificate_request/ec_key_patch.rb
+- lib/acme/client/chain_identifier.rb
 - lib/acme/client/error.rb
 - lib/acme/client/faraday_middleware.rb
 - lib/acme/client/jwk.rb
@@ -161,6 +138,7 @@ files:
 - lib/acme/client/resources/challenges/base.rb
 - lib/acme/client/resources/challenges/dns01.rb
 - lib/acme/client/resources/challenges/http01.rb
+- lib/acme/client/resources/challenges/unsupported_challenge.rb
 - lib/acme/client/resources/directory.rb
 - lib/acme/client/resources/order.rb
 - lib/acme/client/self_sign_certificate.rb
@@ -185,7 +163,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.2
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Client for the ACME protocol.